Support for passkey registration (#2885)

* support for fido2 auth * stub out registration implementations * stub out assertion steps and token issuance * verify token * webauthn tokenable * remove duplicate expiration set * revert sqlproj changes * update sqlproj target framework * update new validator signature * [PM-2014] Passkey registration (#2915) * [PM-2014] chore: rename `IWebAuthnRespository` to `IWebAuthnCredentialRepository` * [PM-2014] fix: add missing service registration * [PM-2014] feat: add user verification when fetching options * [PM-2014] feat: create migration script for mssql * [PM-2014] chore: append to todo comment * [PM-2014] feat: add support for creation token * [PM-2014] feat: implement credential saving * [PM-2014] chore: add resident key TODO comment * [PM-2014] feat: implement passkey listing * [PM-2014] feat: implement deletion without user verification * [PM-2014] feat: add user verification to delete * [PM-2014] feat: implement passkey limit * [PM-2014] chore: clean up todo comments * [PM-2014] fix: add missing sql scripts Missed staging them when commiting * [PM-2014] feat: include options response model in swagger docs * [PM-2014] chore: move properties after ctor * [PM-2014] feat: use `Guid` directly as input paramter * [PM-2014] feat: use nullable guid in token * [PM-2014] chore: add new-line * [PM-2014] feat: add support for feature flag * [PM-2014] feat: start adding controller tests * [PM-2014] feat: add user verification test * [PM-2014] feat: add controller tests for token interaction * [PM-2014] feat: add tokenable tests * [PM-2014] chore: clean up commented premium check * [PM-2014] feat: add user service test for credential limit * [PM-2014] fix: run `dotnet format` * [PM-2014] chore: remove trailing comma * [PM-2014] chore: add `Async` suffix * [PM-2014] chore: move delay to constant * [PM-2014] chore: change `default` to `null` * [PM-2014] chore: remove autogenerated weirdness * [PM-2014] fix: lint * Added check for PasswordlessLogin feature flag on new controller and methods. (#3284) * Added check for PasswordlessLogin feature flag on new controller and methods. * fix: build error from missing constructor argument --------- Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> * [PM-4171] Update DB to support PRF (#3321) * [PM-4171] feat: update database to support PRF * [PM-4171] feat: rename `DescriptorId` to `CredentialId` * [PM-4171] feat: add PRF felds to domain object * [PM-4171] feat: add `SupportsPrf` column * [PM-4171] fix: add missing comma * [PM-4171] fix: add comma * [PM-3263] fix identity server tests for passkey registration (#3331) * Added WebAuthnRepo to EF DI * updated config to match current grant types * Remove ExtensionGrantValidator (#3363) * Linting --------- Co-authored-by: Andreas Coroiu <acoroiu@bitwarden.com> Co-authored-by: Andreas Coroiu <andreas.coroiu@gmail.com> Co-authored-by: Todd Martin <106564991+trmartin4@users.noreply.github.com> Co-authored-by: Ike <137194738+ike-kottlowski@users.noreply.github.com> Co-authored-by: Todd Martin <tmartin@bitwarden.com>
2025-06-30 07:36:14 -05:00 · 2023-10-30 08:40:06 -05:00
parent 330e41a6d9
commit 44c559c723
33 changed files with 1207 additions and 5 deletions
--- a/test/Core.Test/Auth/Models/Business/Tokenables/WebAuthnCredentialCreateOptionsTokenableTests.cs
+++ b/test/Core.Test/Auth/Models/Business/Tokenables/WebAuthnCredentialCreateOptionsTokenableTests.cs
@ -0,0 +1,81 @@
+using Bit.Core.Auth.Models.Business.Tokenables;
+using Bit.Core.Entities;
+using Bit.Test.Common.AutoFixture.Attributes;
+using Fido2NetLib;
+using Xunit;
+
+namespace Bit.Core.Test.Auth.Models.Business.Tokenables;
+
+public class WebAuthnCredentialCreateOptionsTokenableTests
+{
+    [Theory, BitAutoData]
+    public void Valid_TokenWithoutUser_ReturnsFalse(CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(null, createOptions);
+
+        var isValid = token.Valid;
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void Valid_TokenWithoutOptions_ReturnsFalse(User user)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user, null);
+
+        var isValid = token.Valid;
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void Valid_NewlyCreatedToken_ReturnsTrue(User user, CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user, createOptions);
+
+        var isValid = token.Valid;
+
+        Assert.True(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_TokenWithoutUser_ReturnsFalse(User user, CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(null, createOptions);
+
+        var isValid = token.TokenIsValid(user);
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_TokenWithoutOptions_ReturnsFalse(User user)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user, null);
+
+        var isValid = token.TokenIsValid(user);
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_NonMatchingUsers_ReturnsFalse(User user1, User user2, CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user1, createOptions);
+
+        var isValid = token.TokenIsValid(user2);
+
+        Assert.False(isValid);
+    }
+
+    [Theory, BitAutoData]
+    public void ValidIsValid_SameUser_ReturnsTrue(User user, CredentialCreateOptions createOptions)
+    {
+        var token = new WebAuthnCredentialCreateOptionsTokenable(user, createOptions);
+
+        var isValid = token.TokenIsValid(user);
+
+        Assert.True(isValid);
+    }
+}
+